Google Chrome announced that it will show a prominent “Not Secure” message in the browser bar starting in October 2018. Consider this your final warning. After October 2018 Chrome and likely all other Chrome based browsers like Vivaldi will display enhanced security warnings that may create higher bounce rates for your site and concomitantly lower sales and conversions.

Currently Google is displaying a green icon to indicate that a website is secure. Google reports that because so many sites are now secure, they will begin to flag the insecure sites with a prominent red warning.

Additionally Chrome will stop displaying the green icon for secure websites. The reasoning behind this decision is that HTTPS should be considered the default state of a website, particularly now that so many websites are secure. User expectations should be that a site is secure. Thus it makes sense that a warning should be reserved for a dangerous situation, not for a safe situation.

What exactly is your beef? Green mark or not, what this means is that if you have ignored warnings about HTTPS until now, you'd better stop ignoring them and convert.

This is not just about Google, although it can and does affect rankings now. You will have the same issue in other browsers about sites not being secure, especially anywhere a member or potential member is entering a password.

What exactly is your beef? Green mark or not, what this means is that if you have ignored warnings about HTTPS until now, you'd better stop ignoring them and convert.

This is not just about Google, although it can and does affect rankings now. You will have the same issue in other browsers about sites not being secure, especially anywhere a member or potential member is entering a password.

Click to expand...

I've been using SSL for ages so this is not my case.

SSL is a good practice for site owners, but this shows how Google attempt to control the web because they own Chrome. I wonder what will be next event after this.

It's not about 'removing the green mark', incidentally. Stuff sent over HTTP is trivially snoopable - and trivially interruptible.

Meaning that it's not difficult to eavesdrop on sites that have logins (like, say, forums) and grab passwords, especially in the modern age where a lot of access is done over wireless connections that can be snooped on absolutely trivially. As for interruptible, doing MITM attacks and changing content midflight is not a new idea and much harder to do on HTTPS (though, I'll note, far from impossible)

It won't confuse me. I never even notice the green locks anymore until it's not there, relaxed by either a red flag or that icon with a red slash through it.

That is exactly Google's point. We don't need a bunch of green flags anymore. We only need to highlight when there's a problem with a website.

Think of all the warning lights on a car dashboard. We don't have a hundred little green lights. We just have red warning lights when a problem occurs.

Click to expand...

Well for people here i have high hope that they understand what they see. But people that are non technical and only do normal plain stuff this will get them confused. Especially when Chrome does A, Edge does B and Firefox does B also.

It will confuse a lot of people, esp since its been pushed by many sources as the way to tell if the site is secure.
Its a pointless thing to do - having a green (or red) lock there doesnt cause anyone any issues, so why remove it ?

It will confuse a lot of people, esp since its been pushed by many sources as the way to tell if the site is secure.
Its a pointless thing to do - having a green (or red) lock there doesnt cause anyone any issues, so why remove it ?

Click to expand...

As I said above, one reason is "flag blindness" (cf. ad blindness and lights on a car dashboard). If flags only appear when there's a potential problem, you are more likely to notice them.

As I also said above, I don't even "see" the green padlocks on my own sites or those I visit regularly any more. I only notice the non-secure flags.

It's just transitional. Within another month or two, Firefox and Edge will follow suit.

Click to expand...

You have just proved my point that Google somehow succesfully controlled the web.
I'm not against this decision for SSL of course, just don't like it if they removed green mark, when there is no better protocol.

As far as I can see its a bit like saying we dont need green traffic lights anymore, if its red, stop, otherwise go.

Click to expand...

And that's why they are called stop signs... there's no need to a green sign at the intersections that you have right of way.

I am of the camp that it's better to make something that stands out from what the "norm" should be and ONLY warn. The green lock was - for a long time - outside the "norm" and was used to assure the users of a secure site. Now all they plan to do is just the opposite. If the site is secure, don't have anything special but WARN if it is not under SSL.
Where this is going to hurt is those that are to damn lazy to take the time to use SSL on their sites. I fully expect to see those admins screaming bloody murder once something like this goes into effect.

Where this is going to hurt is those that are to damn lazy to take the time to use SSL on their sites. I fully expect to see those admins screaming bloody murder once something like this goes into effect.

Click to expand...

It's going to hurt EV SSL certificate commercial providers' bottom line as for so long they have marketed that EV green indicator was a what you'd want to see, now Chrome and other web browsers are going to take that away.